Skip to content

IdentityAccess table

This table stores the access that a subject has over the different resources.

Column Description Format Required
Id IdentityAccess identifier int
IdSubject Identifier of the subject int
SecurityPath Path of identifiers of the selected element to be authorized. The path follows the Metadata hierarchy model, e.g. 1/10/100 represents the Entity with Id 100 that is associated with the Provider with Id 10 that belongs to the DSU with Id 1 varchar(25)
Filter JSON structure containing a list of pairs -attribute and values- used for filtering. The values property is also list nvarchar(max)
IdDataStorageUnit Computed value. Identifier of the selected Data Storage Unit to which the access levels will be applied based on the value of the SecurityPath int
IdProvider Computed value. Identifier of the selected Provider to which the access levels will be applied based on the value of the SecurityPath int
IdEntity Computed value. Identifier of the selected Entity to which the access levels will be applied based on the value of the SecurityPath int
CanRead Read permissions of the element type -DSU, Entity, Provider-. It's a boolean value, the default value is false. bit
CanWrite Write permissions of the element type -DSU, Entity, Provider-. It's a boolean value, the default value is false. bit
CanDelete Delete permissions of the element type -DSU, Entity, Provider-. It's a boolean value, the default value is false. bit

Filter column

A sample of value for the Filter column would be:

"filter": [
  {
    "attribute": "country",
    "values": ["Ireland", "Spain"]
  },
  {
    "attribute": "department",
    "values": ["marketing", "finances"]
  }
]

The previous Filter sample means that the subject has access only to those Entities that have the value of the Attribute country equals to Ireland or Spain and the value of the Attribute department equals to marketing or finances.

The access level can have the following values:

AccessLevel Definition
None No access
Read Subject can only read
ReadWrite Subject can Read, Insert and Update
ReadWriteDelete Subject can Read, Insert, Update and Delete

The authorization is based on SecurityPath which is a path of identifiers separated by /. The order of the identifiers in the path follows the Metadata model hierarchy:

{Data Storage Unit (DSU) Id}/{Provider Id}/{Entity Id}

For example, the SecurityPath 1/10/100 identifies an Entity with Id 100 which belongs to a Provider with Id 10 that is contained in a DSU with Id 1.


Sidra Ideas Portal


Last update: 2022-09-05
Back to top